According to a recent report, the University of Michigan and the Michigan State University rank the highest on the list of stolen .edu email addresses, which are sold on the dark web.

The US media outlet wlns.com reported that the two universities within the state of Michigan topped the list of stolen .edu email accounts. The news outlet emphasized the increasing number of cyber attacks happening in the world right now. It is a fact, however, that cybercriminals, using different high-tech methods, are constantly looking for personal information, including banking and credit card details, email addresses, date of birth, and much more, that they can steal from the victims and make big profits from selling the data. Since there are new ways, tools, and techniques for stealing such information, the number of attacks targeting precious personal information has grown in the recent years. Criminals, most of them part of the darknet community, has a big variety of tools and guides offered for sale (and for free too) on different forums and marketplaces on the dark side of the internet, from which they can choose from. With these tools and techniques, cybercriminals can launch attacks on the victims, who are residing in mostly Western countries such as the United States, that could result in the loss of precious data, which can be devastating for the victims. For example, a perfectly mastered phishing email form could trick victims into giving their personal information to the criminals. When the hackers are in possession of such data, they could either use that for their personal schemes or sell them on the dark web for profits.

A March 29th report by the Digital Citizens Alliance revealed that darknet criminals are selling millions of .edu email addresses and passwords on marketplaces and forums. The researchers based their study on:

– Rankings showing the total number of stolen credentials for the 300 largest university and college communities found within sites on the dark web.

– Sites selling Higher Education Institutions (HEIs) credentials on the dark web. These e-mails include those stolen from faculty, staff, students, and alumni, as well as criminals who have created fake e-mails.

– Clear websites where vendors sell credentials.

– Why fake e-mails are valuable and how they can be used in scams.

“During eight years of scanning the Dark Web, ID Agent researchers have discovered 13,930,176 e-mail addresses and passwords belonging to faculty, staff, students, and alumni at U.S. HEIs available to cyber criminals on Dark Web sites. 79 percent of the nearly 14 million credentials were discovered by ID Agent researchers over the 12 months,” the Digital Citizens Alliance stated in a press release.

The report also showed that out of 300 colleges and universities, the University of Michigan topped the list of stolen .edu email addresses with 122,556. Michigan State University was right behind it, with the number of 115,973.

“The way that some of these are being used are just to get discounts for various things that offer discounts to .edu college accounts,” Cale Sauter, Communications Director for Liquid Web, said in a statement. He also added that this kind of “email-selling” is a common practice within cybercriminals. “If they [the cybercriminals] figure out the password for that [the email addresses], they may have a password that would lead to bank accounts or someone’s credit. A lot of hackers are having their spam emails sent directly to a spam folder or more easily identified, sometimes they can get through that by using a .edu email address,” says Sauter, saying that since .edu email addresses are commonly trusted among websites on the internet, it makes them more worth for the criminals.

In total, cybercriminals stole more than 400,000 email addresses from schools in Michigan, according to the report. However, researchers claimed that the criminals did not acquire the emails from a massive data breach, rather, from sites where people have used their .edu email addresses and passwords, such as for online shopping or to log in to social media platforms.

Experts say it’s a good idea to log into old email accounts and change the password to something more secure, adding things such as capital letters, numbers, and symbols to make the account more secure.